That is a fair assessment, essentially voicing that had they understood the problem from Saturday in the context of a larger attack, they would have reacted differently. And we did put post up as soon as it became so clear user accounts compromised on Sunday afternoon.” We didn't take the bigger threat seriously.

"We thought it was just the company email that had been compromised on Saturday.

Frankly, a lot of firms have the problems Gawker has and just have not been exposed. My second concern or motivation is, when the details of a breach do come out, and they rarely do, to document it so that not every organization has to go through the experience Gawker has to learn what is necessary. That they have not hired the right leadership for security, implemented the right program, and then taken the correct tactical steps (for Gawker: exercising an incident response plan, implementing password complexity and use requirements, having an intrusion management strategy, having a data breach plan) in the context of an overall information security strategy. What I mean by that is that people focus on the specific security problem at fault in the breach (it was an unpatched server, it was a PHP file injection, it was a SQL injection, it was a VPN with only password authentication, etc.) rather than seeing that the strategic problem was that the affected firm was just not taking information security that seriously, and that if the breach wasn’t based on one weakness, it would have been on another.

My first concern, an ongoing concern with coverage of security events, is that the story of a data breach is not always seen in a wide context. Most security and IT compliance folks tend to tell it like it is, and I try to do the same. The first thing he noted was that the piece in Forbes was “brutal but fair.” I appreciate knowing the piece was seen as fair, and didn’t intend for it to be brutal.